OPLIN 4cast #490: Old guards and new guards

A couple of weeks ago, we got a glimpse inside the anti-malware/antivirus (AV) industry, when Google announced a change to the user policies for VirusTotal, an online service owned by Google that checks suspicious files against a malware database. VirusTotal is supposed to be a collaboration of antivirus companies, but Google is now limiting access to only those companies who contribute to the database. This sounds entirely reasonable, but the change has stirred up tensions between the traditional anti-malware industry and the next-gen anti-malware companies and given us an enlightening look inside the computer security business.

  • Infosec freeloaders not welcome as malware silo VirusTotal gets tough (The Register | Iain Thomson)  “For the past 12 years, researchers have been feeding samples of software nasties into VirusTotal, allowing antivirus engines to check they can detect malicious code. But the site has seen an increasing number of security startups have been using the VirusTotal data without giving back. Now Google, and other contributors, have had enough and have changed the terms and conditions of the website. Put simply, if you don’t share samples, you can find your own malware elsewhere.”
  • VirusTotal policy change rocks anti-malware industry (Security Week | Kevin Townsend)  “If a submitted file is found to be malicious, details are circulated to all subscribing companies – and in this sense it is an early and effective threat sharing mechanism. But the check is primarily against signature engines, which we know are only part of traditional anti-malware. Taken in isolation, the effect of the test is misleading. Indeed, VT has always said precisely this. Nevertheless, over the last few years some parts of the next-gen anti-malware industry have not hesitated to use VT results to suggest that the traditional industry is failing its customers.”
  • VirusTotal policy changes spark outrage among newer tech startups (SC Magazine | Max Metzger)  “The database works on a reciprocal relationship, based on contributions from the community of intelligence gathered from AV engines and files discovered in the wild. Companies that don’t use those engines, it appears, cannot contribute and, as of the beginning of this month, cannot access the database. As it happens, this locks out many newer cyber-security companies who eschew AV engines. The policy changes have set many, often start ups, against the move. Critics say this is a cynical tactic employed by the old guard of the industry to hobble the new.”
  • Software security suffers as upstarts lose access to virus data (Reuters | Joseph Menn)  “VirusTotal gets about 400,000 submissions of potentially dangerous files daily, mostly from old-guard antivirus companies like Symantec Corp, Intel Corp and Trend Micro Inc which sit on the most machines. ‘It was never meant to enable new companies to use it as a shortcut by silently relying on, and benefitting from, the service without a corresponding investment,’ said Trend Micro Chief Technology Officer Raimund Genes, one of many old-line tech executives who pushed for the shift. [Andreas] Marx of AV-TEST said that some newer companies secretly relied on data supplied by older companies while marketing themselves as a cut above the older technology.”

Articles from Ohio Web Library: